From: Michal Zalewski (lcamtufcoredump.cx)
Date: Sun Jan 06 2002 - 16:37:43 CST

    On Sat, 5 Jan 2002, zen-parse wrote:

    > Problem: URL handler allows embedded commands.
    > May allow email viruses of the Outlook kind.

    > http://address/'&/some/program${IFS}with${IFS}arguments&'

    Isn't that old news? http://www.securityfocus.com/bid/810

    I *can* be wrong, but it looks like it is the same problem...

    -- 
    _____________________________________________________
    Michal Zalewski [lcamtufbos.bindview.com] [security]
    [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
    =-=> Did you know that clones never use mirrors? <=-=
              http://lcamtuf.coredump.cx/photo/
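
The following is an added example, not part of the original message or of any affected program. It assumes a handler that builds a shell command by pasting the URL between single quotes; the `browser` command name, the template and the function names are hypothetical. It shows why the quoted URL breaks out of that quoting and how escaping the URL keeps it a single argument.

```python
import shlex

# Constructed handler template (assumption): the URL is pasted between single quotes.
TEMPLATE = "browser '{}'"
# URL quoted in the message above.
URL = "http://address/'&/some/program${IFS}with${IFS}arguments&'"
CONTROL_OPS = {"&", "&&", "|", "||", ";"}


def shell_commands(cmdline):
    """Split a command line into the separate commands a POSIX shell would run.

    shlex does no parameter expansion, so ${IFS} stays literal here; a real
    shell would expand it to whitespace and split that word into arguments.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # needs Python 3.8+ alongside punctuation_chars
    commands, current = [], []
    for token in lexer:
        if token in CONTROL_OPS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def naive_cmdline(url):
    """Weak form: trusts the surrounding quotes to contain the URL."""
    return TEMPLATE.format(url)


def quoted_cmdline(url):
    """Corrected form: shlex.quote() escapes embedded single quotes."""
    return "browser {}".format(shlex.quote(url))


if __name__ == "__main__":
    print(shell_commands(naive_cmdline(URL)))
    print(shell_commands(quoted_cmdline(URL)))
    # Better still, skip the shell: subprocess.run(["browser", url]) passes
    # the URL as a single argv entry that no shell ever parses.
```

Note that the single quote, `&` and `$` are all legal URL characters, so rejecting "invalid" URLs does not close this hole; the fix is correct quoting or avoiding the shell.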